Red Hat Security Advisory 2022-6503-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2022:6503-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6503  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-28199  
====================================================================  
1. Summary:

An update for openvswitch2.13 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: error recovery in mlx5 driver not handled properly, allowing for  
denial of service (CVE-2022-28199)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2123549 - CVE-2022-28199 dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch2.17-2.17.0-32.4.el9fdp.src.rpm

aarch64:  
openvswitch2.17-2.17.0-32.4.el9fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-32.4.el9fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-32.4.el9fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-32.4.el9fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-32.4.el9fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-32.4.el9fdp.noarch.rpm

ppc64le:  
openvswitch2.17-2.17.0-32.4.el9fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-32.4.el9fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-32.4.el9fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-32.4.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-32.4.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.ppc64le.rpm

s390x:  
openvswitch2.17-2.17.0-32.4.el9fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-32.4.el9fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-32.4.el9fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-32.4.el9fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-32.4.el9fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.s390x.rpm

x86_64:  
openvswitch2.17-2.17.0-32.4.el9fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-32.4.el9fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-32.4.el9fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-32.4.el9fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-32.4.el9fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-32.4.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-28199  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyEqnNzjgjWX9erEAQiQlhAAo0WuIomRRgTRFhRrnXzmxJhJlfWbMT34  
6D8XvqIxhp+FzwfqqBWPCyBb/94gsjvElOr0KJHAF0hLUB/FDstxDWAZym+QgUQW  
kMoTq4rExnP0cI88AKiPPsG3wBVgKMBWX+ehD2es63fUAvo7KK4F8e8yvyGtj1fn  
PbDX88MUkrap5VF8tup5ETIQB8vg68jevhYeJQagEBZfP1QXyNKSXbQZXQtY4N0r  
k6vSuW9D4aAo/PPL0difuWZhRdmiht/+KiUH5X3I+mg4C0XN27sdEPeerP9fcBgH  
IX2XCpUSUhVmuFg04ReVuAZrhnYteODC0VEKPnpnKJYnMpByQ1pvRIwZsF7Qfb7V  
gwbLSzngqW9bCWXVpPkLVouOiw7TCU2I/cZJevNind0q5dTwPsORhATn9tmOacxe  
fEwcgYXJXPnehX5RyoJ00DwgjAtxXokM/1NG7+CyXagmALNyy4jl+EGcR1/Oc0R+  
1zXl1RM486yjHqjwHuOmhkeYSGP2vmMzrPV+TkvC2cOBeElklFKwOBTTiMwCAeTv  
BMLJit1alU2VDe72l86Rd4GhbXCi97NEqdg1/OtAISZ5rFZW+BmwLxNhBTbIgHZy  
GMAgQoG/oZZrJ1NrTrqbuwB8i0XwWMfpRJ5RMTftI6laE+1k7AELCx4SVwp3M4u0  
KxCcYkjNZrw=azTE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6503-01

Red Hat Security Advisory 2022-6502-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.13 security update  
Advisory ID:       RHSA-2022:6502-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6502  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-28199  
====================================================================  
1. Summary:

An update for openvswitch2.13 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: error recovery in mlx5 driver not handled properly, allowing for  
denial of service (CVE-2022-28199)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2123549 - CVE-2022-28199 dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.13-2.13.0-193.3.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.13-2.13.0-193.3.el8fdp.aarch64.rpm  
openvswitch2.13-2.13.0-193.3.el8fdp.aarch64.rpm  
openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.aarch64.rpm  
openvswitch2.13-debugsource-2.13.0-193.3.el8fdp.aarch64.rpm  
openvswitch2.13-devel-2.13.0-193.3.el8fdp.aarch64.rpm  
openvswitch2.13-ipsec-2.13.0-193.3.el8fdp.aarch64.rpm  
python3-openvswitch2.13-2.13.0-193.3.el8fdp.aarch64.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.aarch64.rpm

noarch:  
openvswitch2.13-test-2.13.0-193.3.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.13-2.13.0-193.3.el8fdp.ppc64le.rpm  
openvswitch2.13-2.13.0-193.3.el8fdp.ppc64le.rpm  
openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.ppc64le.rpm  
openvswitch2.13-debugsource-2.13.0-193.3.el8fdp.ppc64le.rpm  
openvswitch2.13-devel-2.13.0-193.3.el8fdp.ppc64le.rpm  
openvswitch2.13-ipsec-2.13.0-193.3.el8fdp.ppc64le.rpm  
python3-openvswitch2.13-2.13.0-193.3.el8fdp.ppc64le.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.13-2.13.0-193.3.el8fdp.s390x.rpm  
openvswitch2.13-2.13.0-193.3.el8fdp.s390x.rpm  
openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.s390x.rpm  
openvswitch2.13-debugsource-2.13.0-193.3.el8fdp.s390x.rpm  
openvswitch2.13-devel-2.13.0-193.3.el8fdp.s390x.rpm  
openvswitch2.13-ipsec-2.13.0-193.3.el8fdp.s390x.rpm  
python3-openvswitch2.13-2.13.0-193.3.el8fdp.s390x.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.13-2.13.0-193.3.el8fdp.x86_64.rpm  
openvswitch2.13-2.13.0-193.3.el8fdp.x86_64.rpm  
openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.x86_64.rpm  
openvswitch2.13-debugsource-2.13.0-193.3.el8fdp.x86_64.rpm  
openvswitch2.13-devel-2.13.0-193.3.el8fdp.x86_64.rpm  
openvswitch2.13-ipsec-2.13.0-193.3.el8fdp.x86_64.rpm  
python3-openvswitch2.13-2.13.0-193.3.el8fdp.x86_64.rpm  
python3-openvswitch2.13-debuginfo-2.13.0-193.3.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-28199  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyEqoNzjgjWX9erEAQhuVhAAk+0xP7u9xosSSBVFcs1kf/k1BvIWPyrh  
rQjPF3yjXUVSMqlSVVj+KYHJ4NnRcKr/Ov9Y8znRAGAb/PYy42TQSYGUQgXsn96T  
9d/KloOXmZT1XHq/XwB6s66f4GA/wtoXMHS5EYiW7fhAKLi28rpATkDNg0koIsRD  
sAI0SVsiAQZjnyWo84KsqIp4xC4mO6W4WH0hbCWq5lsZhxK4TFyn5J2OyqTHM2u2  
qnlBp13RFJpwpcAlmb7MGwoNIMRjQKdvw4Fm99uOhCTxHNAmQoNfUuqgk5WY/+hg  
CWeTOiCN2jYkTBcisGR5ouYC+LPoCjLJQqUfppa42Xd96O9R4AlGMeCxeriC34JT  
rhge5jAawTDG1RWQxGNEK8vdp2uZT/3oselKJPn5kQErR5AeeTGHjHv0/UA/olSm  
aPq24sXRXChbrZgOTQpU1c3laJxhO45+VcUVV3Hp+WTE7GwbwBy2Y4Lbv99QuTdY  
hBO2TsBIz3VYKQ7xbGP7lDmykkrIxz1vNLXpDStmLiPzT4bzchNR54WZAUA0RrkU  
o//TWEfXE2D4yW1ZQ/gfQQ1XrAb4fRM603ai7uxpp6iZie8jQD/vAxZSp4zGzlqW  
prRtniUI/tm/mtl0alC+cNt5xo+IX9cFboA26bbKTtdlckswrq6uLMH8i626tGpM  
PFBkZbsSircwJ9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6502-01

Red Hat Security Advisory 2022-6505-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.15 security update  
Advisory ID:       RHSA-2022:6505-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6505  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-28199  
====================================================================  
1. Summary:

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: error recovery in mlx5 driver not handled properly, allowing for  
denial of service (CVE-2022-28199)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2123549 - CVE-2022-28199 dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.15-2.15.0-113.3.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.15-2.15.0-113.3.el8fdp.aarch64.rpm  
openvswitch2.15-2.15.0-113.3.el8fdp.aarch64.rpm  
openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.aarch64.rpm  
openvswitch2.15-debugsource-2.15.0-113.3.el8fdp.aarch64.rpm  
openvswitch2.15-devel-2.15.0-113.3.el8fdp.aarch64.rpm  
openvswitch2.15-ipsec-2.15.0-113.3.el8fdp.aarch64.rpm  
python3-openvswitch2.15-2.15.0-113.3.el8fdp.aarch64.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.aarch64.rpm

noarch:  
openvswitch2.15-test-2.15.0-113.3.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.15-2.15.0-113.3.el8fdp.ppc64le.rpm  
openvswitch2.15-2.15.0-113.3.el8fdp.ppc64le.rpm  
openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.ppc64le.rpm  
openvswitch2.15-debugsource-2.15.0-113.3.el8fdp.ppc64le.rpm  
openvswitch2.15-devel-2.15.0-113.3.el8fdp.ppc64le.rpm  
openvswitch2.15-ipsec-2.15.0-113.3.el8fdp.ppc64le.rpm  
python3-openvswitch2.15-2.15.0-113.3.el8fdp.ppc64le.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.15-2.15.0-113.3.el8fdp.s390x.rpm  
openvswitch2.15-2.15.0-113.3.el8fdp.s390x.rpm  
openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.s390x.rpm  
openvswitch2.15-debugsource-2.15.0-113.3.el8fdp.s390x.rpm  
openvswitch2.15-devel-2.15.0-113.3.el8fdp.s390x.rpm  
openvswitch2.15-ipsec-2.15.0-113.3.el8fdp.s390x.rpm  
python3-openvswitch2.15-2.15.0-113.3.el8fdp.s390x.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.15-2.15.0-113.3.el8fdp.x86_64.rpm  
openvswitch2.15-2.15.0-113.3.el8fdp.x86_64.rpm  
openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.x86_64.rpm  
openvswitch2.15-debugsource-2.15.0-113.3.el8fdp.x86_64.rpm  
openvswitch2.15-devel-2.15.0-113.3.el8fdp.x86_64.rpm  
openvswitch2.15-ipsec-2.15.0-113.3.el8fdp.x86_64.rpm  
python3-openvswitch2.15-2.15.0-113.3.el8fdp.x86_64.rpm  
python3-openvswitch2.15-debuginfo-2.15.0-113.3.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-28199  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyEqktzjgjWX9erEAQhiTw//U7hzly0a3xVXw+cW2G0tnHu2BSibf/9n  
Usl6g2bjcU6e+k00aih/Fz9npyPVlbO8rXjhi4SHnKtykDirC4fekEcT+7z+oIsq  
CqIdpede8yDgOG7YXpSPMG8BpAJHcPU2YsF1ZJgizvn5gTCZ7CU9IPhkqttPD/l3  
GgKixnXrhaZh38XE+vdHbj81RXGKT/uFx5GVp7PunLOdPPdUiMzY/b4JzYEeDU5l  
PyVrMP5Q4OU4iIhHiPMDCJ2S30pxFhH6wkcr0TPTe3pHjaYgvlLwIxFqL4/CVHi+  
uZN+fsDhTfQCXhKKXc6jn+ogt7b+s+dzOX9/qaULSRzUoOdxrW6Hxg9QbBU+R8fS  
x0Ie8XCF9wku3bj9NMkph4VbESgnzVHI64ri4zQKRD4R4C3Rvqhh7qmRYYPHAZ/5  
i8Ok+1HgZIW97RNW8YmdaJnVIM3MBE7jiC6EzCQF1WVjmW/OO8i3O0sZd3troCL0  
FGcE9wmyOI+9gwOZ+1aafxDlXjVdunMwBIHvGjE/BxCtY4MeT7j1VdwbvTXgsZIQ  
CgCTYvZfLfYckSTV8Jsf9Nw+79WKx/KD9Cz2tJSdFGqgmirgyITKDDuUK1ZxAAhO  
yXvsGWN2NcUhqjq9+aePwT+y8KA/OvzItIU1+o8Ty5ya8MGHddB4MwGk8seOsinE  
zbVZ+vYiNPw=ScRD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6505-01

Red Hat Security Advisory 2022-6506-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.16 security update  
Advisory ID:       RHSA-2022:6506-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6506  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-28199  
====================================================================  
1. Summary:

An update for openvswitch2.13 is now available for Fast Datapath for Red  
Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* dpdk: error recovery in mlx5 driver not handled properly, allowing for  
denial of service (CVE-2022-28199)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2123549 - CVE-2022-28199 dpdk: error recovery in mlx5 driver not handled properly, allowing for denial of service

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.16-2.16.0-89.3.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.16-2.16.0-89.3.el8fdp.aarch64.rpm  
openvswitch2.16-2.16.0-89.3.el8fdp.aarch64.rpm  
openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.aarch64.rpm  
openvswitch2.16-debugsource-2.16.0-89.3.el8fdp.aarch64.rpm  
openvswitch2.16-devel-2.16.0-89.3.el8fdp.aarch64.rpm  
openvswitch2.16-ipsec-2.16.0-89.3.el8fdp.aarch64.rpm  
python3-openvswitch2.16-2.16.0-89.3.el8fdp.aarch64.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.aarch64.rpm

noarch:  
openvswitch2.16-test-2.16.0-89.3.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.16-2.16.0-89.3.el8fdp.ppc64le.rpm  
openvswitch2.16-2.16.0-89.3.el8fdp.ppc64le.rpm  
openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.ppc64le.rpm  
openvswitch2.16-debugsource-2.16.0-89.3.el8fdp.ppc64le.rpm  
openvswitch2.16-devel-2.16.0-89.3.el8fdp.ppc64le.rpm  
openvswitch2.16-ipsec-2.16.0-89.3.el8fdp.ppc64le.rpm  
python3-openvswitch2.16-2.16.0-89.3.el8fdp.ppc64le.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.16-2.16.0-89.3.el8fdp.s390x.rpm  
openvswitch2.16-2.16.0-89.3.el8fdp.s390x.rpm  
openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.s390x.rpm  
openvswitch2.16-debugsource-2.16.0-89.3.el8fdp.s390x.rpm  
openvswitch2.16-devel-2.16.0-89.3.el8fdp.s390x.rpm  
openvswitch2.16-ipsec-2.16.0-89.3.el8fdp.s390x.rpm  
python3-openvswitch2.16-2.16.0-89.3.el8fdp.s390x.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.16-2.16.0-89.3.el8fdp.x86_64.rpm  
openvswitch2.16-2.16.0-89.3.el8fdp.x86_64.rpm  
openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.x86_64.rpm  
openvswitch2.16-debugsource-2.16.0-89.3.el8fdp.x86_64.rpm  
openvswitch2.16-devel-2.16.0-89.3.el8fdp.x86_64.rpm  
openvswitch2.16-ipsec-2.16.0-89.3.el8fdp.x86_64.rpm  
python3-openvswitch2.16-2.16.0-89.3.el8fdp.x86_64.rpm  
python3-openvswitch2.16-debuginfo-2.16.0-89.3.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-28199  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyEqjdzjgjWX9erEAQhE3Q//bp1gswIwxUqofEcVwBVaZknVih4w/zUe  
0suuFF3XyXCuYgPbN6jQWtWFfYjmMHpZ7zprc9gDSDN/LyJWkCQhk3iC8ZJSu0HN  
UVOEt7neLIYeFmJLoct7hfJl9E9aky6huqXW5SPLW7XWhYUVpBFbsVeH/FbZAOJs  
mgLYsIa1rYvaciIXB0D6k9f8Dgzk/uRCgCwKNnrH3EtoMDCF1bnkYHcl49kvm27c  
SdAVkL3M8qrNnuvPXiVPqPUKZZJti/M0dGTbXjK9KzMTP330GW7OYqj7c+KaBKS/  
9UMHbOqKyxjbq82XJwO9zcrxv2PClynitfS1oCDuVk+3G3iQu27XEqdnyfT4+glZ  
C85mwSjWPLaOL0Sf7FEmsolGd5qgZJ7hDqrPL2ZU4mnFHzi/viEQSBKV9xj3Q3Tl  
BfTo5Ka1f/I/aWdRSbx6RY7w6iJDfj4WRMTDbxAhtBRKrkat88gMRVtcxFAvwsxi  
qTrYz+E1bVY/1Gg8oc9+s3JmrdWGQaoYgAMwiPYQlqHOT23z6nKMaTkg4J/yG1y8  
Oxb9cDC3nvra8OlwAFS/Q7JHooxFvBOTJHmV8jpuzs7BBsIVS4z0yqB4YjOhDsmq  
WAFlB8Yx05E5wxY6QzNGZvfjgfzO25RUP8gptBiSUK1uyYwsULY6U3kA8+depklX  
39Cf5SJEuZY=w94+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6506-01

Ubuntu Security Notice 5609-1 - Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-5609-1September 13, 2022dotnet6 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:.NET 6 could be made to crash if it parsed a specially crafted file.Software Description:- dotnet6: dotNET CLI tools and runtimeDetails:Graham Esau discovered that .NET 6 incorrectly parsed certain payloadsduring model binding. An attacker could possibly use this issue tocause a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   aspnetcore-runtime-6.0          6.0.109-0ubuntu1~22.04.1   dotnet-host                             6.0.109-0ubuntu1~22.04.1   dotnet-hostfxr-6.0                   6.0.109-0ubuntu1~22.04.1   dotnet-runtime-6.0                  6.0.109-0ubuntu1~22.04.1   dotnet-sdk-6.0                        6.0.109-0ubuntu1~22.04.1   dotnet6                                   6.0.109-0ubuntu1~22.04.1In general, a standard system update will make all the necessary changes. A restart may be required after the update if any affected files are being used.References:   https://ubuntu.com/security/notices/USN-5609-1   CVE-2022-38013Package Information:   https://launchpad.net/ubuntu/+source/dotnet6/6.0.109-0ubuntu1~22.04.1

Ubuntu Security Notice USN-5609-1

Ubuntu Security Notice 5608-1 - It was discovered that DPDK incorrectly handled certain Vhost headers. A remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5608-1  
September 13, 2022

dpdk vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

DPDK could be made to stop responding if it received specially crafted  
network traffic.

Software Description:  
- dpdk: set of libraries for fast packet processing

Details:

It was discovered that DPDK incorrectly handled certain Vhost headers. A  
remote attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  dpdk                            21.11.2-0ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  dpdk                            19.11.13-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:  
  dpdk                            17.11.10-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5608-1  
  CVE-2022-2132

Package Information:  
  https://launchpad.net/ubuntu/+source/dpdk/21.11.2-0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/dpdk/19.11.13-0ubuntu0.20.04.1  
  https://launchpad.net/ubuntu/+source/dpdk/17.11.10-0ubuntu0.2

Ubuntu Security Notice USN-5608-1

Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.

An apparent operational security slip-up by a member of the TeamTNT threat group has exposed some of the tactics it's using to exploit poorly configured Docker servers.

Security researchers from Trend Micro recently set up a honeypot with an exposed Docker REST API to try and understand how threat actors in general are exploiting vulnerabilities and misconfigurations in the widely used cloud container platform. They discovered TeamTNT — a group known for its cloud-specific campaigns — making at least three attempts to exploit its Docker honeypot.

"On one of our honeypots, we had intentionally exposed a server with the Docker Daemon exposed over REST API," says Nitesh Surana, threat research engineer at Trend Micro. "The threat actors found the misconfiguration and exploited it thrice from IPs based in Germany, where they were logged in to their DockerHub registry," Surana says. "Based on our observation, the motivation of the attacker was to exploit the Docker REST API and compromise the underlying server to perform cryptojacking."

The security vendor's analysis of the activity eventually led to uncovering credentials for at least two DockerHub accounts that TeamTNT controlled (the group was abusing DockerHub free Container Registry services) and was using to distribute a variety of malicious payloads, including coin miners.  

One of the accounts (with the name "alpineos") hosted a malicious container image containing rootkits, kits for Docker container escape, the XMRig Monero coin miner, credential stealers, and Kubernetes exploit kits. 

Trend Micro discovered the malicious image had been downloaded more than 150,000 times, which could translate into a wide swath of infections.

The other account (sandeep078) hosted a similar malicious container image but had far fewer "pulls" — just about 200 — compared with the former. Trend Micro pointed to three scenarios that likely resulted in the leak of the TeamTNT Docker registry account credentials. These include a failure to logout from the DockerHub account or their machines being self-infected.  

**Malicious Cloud Container Images: A Useful Feature**

Developers often expose the Docker daemon over its REST API so they can create containers and run Docker commands on remote servers. However, if the remote servers are not properly configured — for instance, by making them publicly accessible — attackers can exploit the servers, Surana says.

In these instances, threat actors can spin up a container on the compromised server from images that execute malicious scripts. Typically, these malicious images are hosted on container registries such as DockerHub, Amazon Elastic Container Registry (ECR), and Alibaba Container Registry. Attackers can use either compromised accounts on these registries to host the malicious images, or they can establish their own, Trend Micro has previously noted. Attackers can also host malicious images on their own private container registry.   

Containers that are spun up from a malicious image can be used for a variety of malicious activities, Surana notes. "When a server running Docker has its Docker Daemon publicly exposed over REST API, an attacker can abuse and create containers on the host based on attacker-controlled images," he says.

**A Plethora of Cyberattacker Payload Options**

These images may contain cryptominers, exploit kits, container escape tools, network, and enumeration tools. "Attackers could perform crypto-jacking, denial of service, lateral movement, privilege escalation, and other techniques within the environment using these containers," according to the analysis.  

"Developer-centric tools like Docker have been known to be abused extensively. It’s important to educate \[developers\] at large by creating policies for access and credential use, as well as generate threat models of their environments," Surana advocates.

Organizations should also ensure that containers and APIs are always properly configured to ensure that exploits are minimized. This includes ensuring that they are accessible only by the internal network or by trusted sources. In addition, they should follow Docker's guidelines for strengthening security. "With the rising number of malicious open source packages targeting user credentials," Surana says, "users should avoid storing credentials in files. Instead, they are advised to choose tools such as credential stores and helpers."

TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.

CVE-2022-34100: AirMedia Binary Hijack

09/09/22

More information

Threat:

The Lockheed Martin Red Team has discovered a vulnerability found in the AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.

Identifier:

CVE-2022-34100

How is Crestron Affected:

Please update the AirMedia Deployable and Guest Application to version 5.5.1.87 to resolve this issue

CVE-2022-34101: AirMedia Rogue DLL

09/09/22

More information

Threat:

The Lockheed Martin Red Team has discovered a vulnerability found in the AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.

Identifier:

CVE-2022-34101

How is Crestron Affected:

Please update the AirMedia Deployable and Guest Applications to version 5.5.1.87 to resolve this issue.

CVE-2022-34102: AirMedia Command Prompt Hijack

09/09/22

More information

Threat:

The Lockheed Martin Red Team has discovered a vulnerability found in the AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.

Identifier:

CVE-2022-34102

How is Crestron Affected:

Please update the Air Media Deployable and Guest Applications to version 5.5.1.87 to resolve this issue.

CVE-2022-22707: Lighttpd Denial-of-Service

05/17/22

More information

Threat:

Crestron is aware of an issue affecting lighttpd versions 1.4.46 through 1.4.63. Under certain non-default configurations, an attacker can perform a remote denial of service attack with a stack-based buffer overflow.

Identifier:

CVE-2022-22707

How is Crestron Affected:

Crestron devices are not affected because they do not utilize the vulnerable configurations.

CVE-2022-22965: Spring4Shell

03/31/22

More information

Threat:

This vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

How is Crestron Affected:

Crestron products do not make use of this framework and as such are not vulnerable.

Resources:

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement  
 

CVE-2022-23178: Web Interface Credentials in Cleartext

01/24/22

More information

Threat:

Crestron is aware of an issue discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.

Identifier:

CVE-2022-23178

How is Crestron Affected:

This vulnerability affects the following products:

*   HD-MD4x1-4K-E
*   HD-MD4x2-4K-E
*   HD-MD6x2-4K-E

Crestron recommends placing the devices on an isolated network.  
Note that the following (4KZ) models are NOT affected by this vulnerability and can be used in place of the affected products.

*   HD-MD4x1-4KZ-E
*   HD-MD4x2-4KZ-E
*   HD-MD6x2-4KZ-E

CVE-2018-15473: OpenSSH User Enumeration

01/12/22

More information

Threat:

Crestron is aware of OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.  
 

Identifier:

This vulnerability has been assigned CVE identifier CVE-2018-15473.

How is Crestron Affected:

This vulnerability affects the following products: All 3-Series Control Systems including but not limited to CP3, RMC3, CP3N, PRO3, and all "x52 Series touchscreens" including but not limited to TSW-552, TSW-1052, TSW-752, TSS-752

Crestron 3-Series Control Systems now uses a customized version of OpenSSH. The Crestron version was modified to replace the cryptographic functions with NIST certified alternatives as well as to remove/modify vulnerable components. Crestron continues to monitor OpenSSH vulnerabilities to apply appropriate fixes.

While the TSW and TSS panels noted use OpenSSH 7.5, they don’t support the features related to this vulnerability. Due to these circumstances, Crestron is not susceptible. Newer touchscreens use a later version of OpenSSH which is not susceptible.

Resources:

For more information, please see 3-Series Control System release notes: v.1.601.0050

Apache Log4j

12/15/21

More information

Threat:

From the offiical vulnerability registration: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. It was later found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. 

Identifier:

CVE-2021-44228, CVE-2021-4104, CVE-2021-45046

How is Crestron Affected:

Crestron has completed a review of all its products and services and have found none which use Log4j and therefore none are affected by this vulnerability.

Resources:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046  
 

NUCLEUS:13

11/09/21

More information

Threat:

A set of vulnerabilities related to the Nucleus Operating System were disclosed by Siemens on November 9, 2021. The official report can be found here and the researcher’s findings can be found here.  
These vulnerabilities have been assigned the following CVEs.

*   CVE-2021-31344 - ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network.
*    CVE-2021-31345 - The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol.
*   CVE-2021-31346 - The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory.
*   CVE-2021-31881\- When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions.
*   CVE-2021-31882 - The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions.
*   CVE-2021-31883 - When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions.
*   CVE-2021-31884 - The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions.
*   CVE-2021-31885 - TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands.
*   CVE-2021-31886 - FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution.
*   CVE-2021-31887 - FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution.
*   CVE-2021-31888 - FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution.
*   CVE-2021-31889 - Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions.
*   CVE-2021-31890 - The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory.

Identifier:

2021-31885, 2021-31886, 2021-31887, 2021-31888, 2021-31881, 2021-31882, 2021-31883, 2021-31884, 2021-31344, 2021-31345, 2021-31346, 2021-31889, 2021-31890

How is Crestron Affected:

Crestron has reviewed products utilizing Nucleus and has found none of its products to be affected.

For reference, a partial list of Crestron products utilizing Nucleus follows:

*   2-Series Control Processors – most of these products are discontinued with the notable exceptions of the GLPAC and GL-IPAC
*   DM-MD6X4 and DM-MD6X6
*   DMC-CPU-8/16
*   DMPS3-300-C and DMPS3-300-C-AEC - (Used on Internal Components only - no direct network access)
*   SWAMP and related products
*   CEN-TRACK

Resources:

https://www.forescout.com/research-labs/nucleus-13/  
https://www.siemens.com/cert/advisories

direct link to

*   pdf: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
*   txt: https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt
*   csaf: https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json

ThroughTek's Kalay Platform

08/25/21

More information

Threat:

There is a critical vulnerability that has been discovered that affects the IoT devices that use ThroughTek’s “Kalay” network. Exploiting this vulnerability allows the attacker to listen to live audio, watch real time video data and compromise the credentials on the device for further attacks. This can let the attacker remotely control the device.  
 

Identifier:

This vulnerability has been assigned CVE identifier CVE-2021-28372

How is Crestron Affected:

This vulnerability has no impact on Crestron devices as they do not use the ThroughTek “Kalay” network.  
 

|<  <   **1** 2 3 4 5 6    \>  \>| Pages: 1 of 6

CVE-2022-34102: Crestron Electronics, Inc.

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

Microsoft addressed a pair of important-rated zero-day bugs in its September Patch Tuesday update, including a local privilege-escalation (LPE) that's being actively exploited in the wild. To boot, it disclosed three separate critical vulnerabilities that could be used for worming attacks.

The patches are part of a cache of just 64 fixed vulnerabilities from Microsoft this week, the fewest for any month this year (and almost a 50% decrease from August). The disclosed bugs affect Microsoft Windows and Windows Components; Azure and Azure Arc; .NET, Visual Studio, .NET Framework; Microsoft Edge (Chromium-based); Office and Office Components; Windows Defender; and Linux Kernel.

**A Pair of Zero-Day Vulnerabilities**

The actively exploited vulnerability (CVE-2022-37969, with a CVSS score of 7.8) exists in the Windows Common Log File System Driver, which is a general-purpose logging subsystem first introduced in Windows 2003 R2 OS and which has shipped with all later versions. An exploit for the bug allows an attacker with initial system access to elevate their privilege to SYSTEM privileges on a zero-click basis.

"No other technical details are available, but since the vulnerability has low complexity and requires no user interaction, an exploit will likely soon be in the arsenal of both white hats and black hats," Mike Walters, cybersecurity executive and co-founder of Action1, wrote in an analysis provided to Dark Reading. "It’s recommended that you deploy the patch as soon as possible."

Dustin Childs of Trend Micro's Zero Day Initiative (ZDI) noted that it's likely being deployed in a tidy exploit chain package.

"Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link," he wrote in his Patch Tuesday blog post. "Once they do, additional code executes with elevated privileges to take over a system."

This is one for everyone to patch quickly, he stressed: "Usually, we get little information on how widespread an exploit may be used. However, Microsoft credits four different agencies reporting this bug, so it’s likely beyond just targeted attacks."

The other zero-day bug (CVE-2022-23960) exists in Windows 11 for ARM64-based Systems. Microsoft didn't provide any further details, and it was not assigned a CVSS score, but Bharat Jogi, director of vulnerability and threat research at Qualys, offered context in an emailed comment, noting that it's a processor-based speculative execution issue of the sort made infamous with the Spectre and Meltdown attacks. A successful exploit would give attackers access to sensitive information.

"This \[is\] a fix for a vulnerability known as Spectre-BHB that affects ARM64-based systems," he noted. "This vulnerability is a variant of Spectre v2 which has reinvented itself on numerous occasions and has affected various processor architectures since its discovery in 2017."

He added, "This class of vulnerabilities poses a large headache to the organizations attempting mitigation, as they often require updates to the operating systems, firmware, and in some cases, a recompilation of applications and hardening."

**Five Critical Bugs for September**

As mentioned, three of the critical-rated bugs are wormable — i.e., could be used to spread infections from machine to machine with no user interaction.

The most concerning of these is likely CVE-2022-34718, researchers said, which can be found in Windows TCP/IP. It allows a remote, unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction; and it can be exploited by sending a specially crafted IPv6 packet to a Windows node where IPsec is enabled.

"That officially puts it into the 'wormable' category and earns it a CVSS rating of 9.8," Childs said. "Definitely test and deploy this update quickly."

It should be noted that it only affects systems with IPv6 enabled and IPsec configured, but this is a common setup.

"If a system doesn’t need the IPsec service, disable it as soon as possible," said Action1's Walters. "This vulnerability can be exploited in supply chain attacks where contractor and customer networks are connected by an IPsec tunnel. If you have IPsec tunnels in your Windows infrastructure, this update is a must-have."

The other two wormable bugs, CVE-2022-34722 and CVE-2022-34721, are both found in Windows Internet Key Exchange (IKE) Protocol Extensions. They both allow RCE by sending a specially crafted IP packet to a target machine that is running Windows and has IPsec enabled, and both carry a CVSS score of 9.8.

Walters noted that the vulnerability impacts only IKEv1 and not IKEv2. "However, all Windows Servers are affected because they accept both V1 and V2 packets," he wrote. "There is no exploit or PoC detected in the wild yet; however, installing the fix is highly advisable."

The final two critical bugs (CVE-2022-34700 and CVE-2022-35805) both exist in Dynamics 365 (On-Premises), and "could allow an authenticated user to perform SQL injection attacks and execute commands as db\_owner within their Dynamics 356 database," Childs explained. They have a CVSS score of 8.8.

**Other Vulnerabilities of Note**

As for noncritical flaws to pay attention to first this month, Childs also flagged a denial-of-service bug in Windows DNS server (CVE-2022-34724, CVSS score of 7.5), which can be exploited by remote, unauthenticated attacker to knock out DNS service used to connect to cloud resources and websites.

While there's no chance of code execution, the bug should be treated as critical, he added. "With so many resources in the cloud, a loss of DNS pointing the way to those resources could be catastrophic for many enterprises," Childs said.

Rapid7's Patch Tuesday analysis this month, sent via email, also noted that SharePoint administrators should also be aware of four separate RCE bugs, all rated important (CVE-2022-35823, CVE-2022-37961, CVE-2022-38008, and CVE-2022-38009).

And there's a large swath of RCE bugs affecting OLE DB Provider for SQL Server and the Microsoft ODBC Driver (CVE-2022-34731; CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, and CVE-2022-35840).

"These require some social engineering to exploit, by convincing a user to either connect to a malicious SQL Server or open a maliciously crafted .mdb (Access) file," Greg Wiseman, product manager at Rapid7, explained in the analysis.

Overall, administrators should have an easier time parsing the lighter patch load this month, but ZDI's Childs noted that the smaller collection is in line with the volume of patches from previous September releases. Qualys' Jogi also pointed out that while September's Patch Tuesday clocks in on the lighter side, Microsoft hit a milestone of fixing the 1,000th CVE of the year, meaning the software giant is "likely on track to surpass 2021, which patched 1,200 CVEs in total."

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

  

**Summary**

IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool.

**Vulnerability Details**

**CVEID:**   CVE-2022-35637  
**DESCRIPTION:**   IBM DbB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230823 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

All fix pack levels of IBM Db2 V10.5, V11.1, and V11.5 server editions on all platforms are affected.  

IBM Db2 versions 9.7 and 10.1 are not affected.

**Remediation/Fixes**

Customers running any vulnerable fixpack level of an affected Program, V10.5, v11.1 and V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release:  V10.5 FP11, V11.1.4 FP7, and V11.5.7. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

**Release**

**Fixed in fix pack**

**APAR**

**Download URL**

V10.5

TBD

IT41339

Special Build for V10.5 FP11:

AIX 64-bit  
HP-UX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ big endian  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Solaris 64-bit, x86-64  
Windows 32-bit, x86  
Windows 64-bit, x86  
Inspur

V11.1

TBD

IT41338

Special Build for V11.1.4 FP7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Solaris 64-bit, SPARC  
Windows 32-bit, x86  
Windows 64-bit, x86

V11.5

TBD

IT41312

Special Build for V11.5.7:

AIX 64-bit  
Linux 32-bit, x86-32  
Linux 64-bit, x86-64  
Linux 64-bit, POWER™ little endian  
Linux 64-bit, System z®, System z9® or zSeries®  
Windows 32-bit, x86  
Windows 64-bit, x86

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

12 Sep 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF027","label":"Solaris"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}\],"Version":"10.5, 11.1, 11.5","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2022-35637: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

Tag

#dos